Systems and methods for authenticating devices in a sensor-web network

ABSTRACT

There is provided a method for distributing sensor data. The method includes receiving, from a requesting device, a request to access first sensor-collectable data associated with at least one package. The requesting device is authenticated to access the first sensor-collectable data. And when second sensor-collectable data is associated with a predetermined value, the method also includes denying the request for access.

RELATED APPLICATION

This application claims priority from U.S. Provisional Application No.61/445,267, filed Feb. 22, 2011, the entire contents of which are herebyincorporated by reference in their entirety.

TECHNICAL FIELD

The present disclosure generally relates to the field of computerizedsystems. More particularly, the disclosure relates to computerizedsystems and methods for authenticating devices in a sensor-web network,such as a wireless mesh network.

BACKGROUND INFORMATION

A wireless mesh network is a communications network made up of radionodes organized in a mesh topology. Wireless mesh networks often consistof mesh clients, mesh routers and gateways. The mesh clients may bewireless devices and the gateways may permit access to outside networks,such as the Internet. The mesh routers, meanwhile, may forward trafficbetween the mesh clients and the gateways. The coverage area of theradio nodes working as a single network may be called a mesh cloud.Access to the mesh cloud may be dependent on the radio nodes working inharmony with each other to create a radio network.

A mesh network may be reliable and offer redundancy. When one node canno longer operate, the rest of the nodes may still be able tocommunicate with each other, directly or through one or moreintermediate nodes. Wireless mesh networks may be implemented withvarious wireless technology including 802.11, 802.16, cellulartechnologies or combinations of more than one type.

A wireless mesh network may be seen as a special type of wireless ad-hocnetwork. The mesh routers may be highly mobile and may have moreresources as compared to other nodes in the network, such as the meshclients. The mesh routers, therefore, may be used to perform moreresource intensive functions. In this way, the wireless mesh networkdiffers from an ad-hoc network in which the nodes are often constrainedby resources.

In some cases, the nodes in the network are data-collection and storagedevices, such as sensors. Because the sensors may be able to share thecollected data, data security may be an issue. Accordingly, it may benecessary to implement systems and methods for protecting thesensor-collectable data.

SUMMARY

In accordance with the invention, there is provided a method fordistributing sensor data, the method comprising: receiving, from arequesting device, a request to access first sensor-collectable dataassociated with at least one package, wherein the requesting device isauthenticated to access the first sensor-collectable data; and whensecond sensor-collectable data is associated with a predetermined value,denying the request for access.

In accordance with the invention, there is also provided acomputer-readable medium storing program instructions, which, whenexecuted by a processor, cause the processor to perform a method fordistributing sensor data, the method comprising: receiving, from arequesting device, a request to access first sensor-collectable dataassociated with at least one package, wherein the requesting device isauthenticated to access the first sensor-collectable data; and whensecond sensor-collectable data is associated with a predetermined value,denying the request for access.

In accordance with the invention, there is also provided a device fordistributing sensor data, the device comprising: an I/O unit configuredto receive, from a requesting device, a request to access firstsensor-collectable data associated with at least one package, whereinthe requesting device is authenticated to access the firstsensor-collectable data; and a processor configured to deny the requestfor access when second sensor-collectable data is associated with apredetermined value.

Additional aspects of the invention will be set forth in part in thedescription which follows, and in part will be obvious from thedescription, or may be learned by practice of the invention. The aspectsof the invention will be realized and attained by means of the elementsand combinations particularly pointed out in the appended claims.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory onlyand are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate one (several) embodiment(s) ofthe invention and together with the description, serve to explain theprinciples of the invention.

FIG. 1 illustrates an exemplary system for collecting data about anenvironment of a package.

FIG. 2 is a block diagram illustrating exemplary devices and hosts usedin disclosed embodiments.

FIG. 3 is a flow chart of the operations of an exemplary method forsending sensor-collectable data from a sensor device to a requestingdevice

FIG. 4 illustrates a table for authenticating a requesting device.

FIG. 5 is a flow chart of the operations of an exemplary method forsending sensor-collectable data from a sensor device to a requestingdevice, when the requesting device requests multiple types ofsensor-collectable data.

FIG. 6 is a flow chart of the operations of an exemplary method forsending sensor-collectable data from a sensor device to a destination inaccordance with routing information provided by a requesting device.

FIG. 7 is a flow chart of the operations of an exemplary method forsending sensor-collectable data from a sensor device to a requestingdevice, if certain sensor-collectable data is associated with aparticular value or range.

DETAILED DESCRIPTION

This disclosure generally relates to the collection and distribution ofinformation collected from one or more sensors associated with a packagein a delivery network. The sensors may used to collect informationassociated with packages. The collected information may be provided torequesting devices.

For purposes of this disclosure, a container or package may be a box,envelope or any other media used to ship documentation or products fromone point to another. Goods are typically held in a container to form apackage. Thus, a package can include one or more types of goods whichrequire specific conditions during part or all of the transit processbetween the source and destination, including, for example, perishablesor controlled substances. The particular shape or size of a package isnot particularly important to this description. The delivery network maydeliver packages of a variety of shapes and sizes.

The delivery network in one example comprises a network oftransportation vehicles such as airplanes, trains, trucks and othermeans for transporting goods of any type. The delivery network may beused to collect packages from sources (for example, senders) and todeliver the packages to destinations (for example, recipients).

In one example, one or more sensors may be associated with a package; inother words, the one or more sensors may be placed within a package,attached to a package, or otherwise placed within a vicinity of thepackage. The sensor may be configured to collect particular types ofinformation associated with the package and/or its contents. Theplacement of the sensor in relation to a package or the content of thepackage may be based on the type of information that the sensor isconfigured to collect. For example, this sensor-collectable informationmay include geographic location and/or other conditions associated withthe package or its contents at any given time, including exterior and/orinterior temperature of the package, humidity within or about thepackage, moisture levels within or about the package, altitude of thepackage, and any other conditions that sensors can collect.

The sensors may have transceivers, such as communication radios. In oneexample, the transceiver has selected components of cellular telephonesthat enable effective communication between sensors associated withpackages and other devices while the packages are in transit. Othersimilar wireless and/or wire-line transmission configurations may beused in connection with this disclosure.

Disclosed embodiments may include a network, such as a mesh network,with a plurality of sensors or other devices, some or all of which aresharing information in a collaborative ecosystem. For example, a sensormay be located inside an insulated package and monitoring the internaltemperature of the package. The sensor may, however, need temperatureinformation from the outside of the package as well. Thus, the sensormay identify other nearby sensors to which it can connect and with whichit can communicate. In some embodiments, the sensor may be able toconnect to sensors located outside of the package, in order to acquireexternal temperature information. This is only one example, as devicescan share many other types of collected information.

In other embodiments, a device that is not a sensor, such as a meshrouter, may request sensor-collectable data from sensors to aggregateand analyze the collected data. For example, a mesh router in a deliverytruck may be configured to collect temperature information from sensorsassociated with individual packages located throughout the truck todetermine temperature topology of the truck, including for exampletemperature differences at the front versus the rear of the truck.

Because these various devices and sensors may share information, thisdisclosure discusses data access protocols to ensure that any requestingdevice seeking the collected information is properly authenticated ashaving permission. For example, disclosed embodiment may employ aserver-side model of authentication for data access. This may alsofacilitate point-to-point identification of requesting devices, whichmay perform ping-like sweeps of nearby nodes. If a nearby node responds,it may identify a unique identifier, such as the MAC address, of therequesting node. The responding node may authenticate the requestingdevice in part based on its unique identifier. Additionally, theresponding node may take into account other factors in authenticatingthe requesting node, such as other collected sensor information.

This point-to-point system, in a mesh network for example, enables eachcommunicating device to increase their data density without the overheadof additional devices needing to relay the collected information. Thissystem may also simplify the integration needed to enable devices frommultiple manufacturers to share information. These examples, of course,are not limiting, and one of ordinary skill would understand that thescope of the invention includes numerous embodiments.

Reference will now be made in detail to exemplary embodimentsillustrated in the accompanying drawings. Wherever possible, the samereference numbers will be used throughout the drawings to refer to thesame or like parts.

FIG. 1 illustrates an exemplary system 100 for collecting data about anenvironment of a package. System 100 may include mesh network 102. Meshnetwork 102 may include a plurality of interconnected devices, such assensor device 104, requesting device 106, and secondary device 108, aswell as other devices not shown. Other embodiments may use a differenttype of network other than mesh network 102, such a local area network(LAN), wide area network (WAN), wireless, and/or wired network.

System 100 also may include Authentication Host 110 and/or Sensor-DataHost 112, which may be connected to mesh network 102 via network 114.Network 114 is configured to facilitate communications, such as amongmesh network 102, authentication host 110, and/or sensor-data host 112.In addition, mesh network 102, authentication host 110, and/orsensor-data host 112 may access other systems or other entities vianetwork 114, that are not shown in system 100. Network 114 may be ashared, public, or private network, may encompass a wide area or localarea, and may be implemented through any suitable combination of wiredand/or wireless communication networks. Furthermore, network 114 maycomprise a local area network (LAN), a wide area network (WAN), anintranet, or the Internet. In some embodiments, mesh network 102,authentication host 110, and/or sensor-data host 112 may be directlyconnected, in whole or in part, instead of connected through network114.

Mesh network 100 may include devices used in the delivery of packages.The devices may be used to track or analyze conditions in an environmentof one or more packages during transit. For example, sensor device 104may be located inside or near a package, and may collect data aboutenvironmental conditions, such as temperature, light level, motion,pressure, humidity, gas level, airflow, vibrations, radiation, time,audio, video, orientation, location, or other sensor-collectable data.

Requesting device 106 is also configured to collect data aboutenvironmental conditions about a package. Alternatively or additionally,requesting device 106 may analyze sensor-collectable data to preparereports or to trigger actions or alerts based on the sensor-collectabledata. In some embodiments, requesting device 106 may request datacollected by sensor device 104. And in some embodiments, requestingdevice 106 may not include a sensor or collect data.

In one example, requesting device 106 may be located inside a partiallyinsulated package. The contents of the package may be temperaturedependent, and may be damaged if the temperature exceeds a certainamount. Requesting device 106, or some other device, may be able totrigger an alert if the temperature inside the package exceeds athreshold, or if it is in danger of exceeding the threshold. Duringtransit, the package may be moved from truck to truck at a warehouse,and may be located outside or in a non-refrigerated container.Therefore, requesting device 106 may ping nearby sensors in an attemptto determine temperature information outside of the package. In thisexample, sensor device 104 may collect temperature information outsideof the package, and requesting device 106 may request that outsidetemperature information. If the temperature outside of the package isvery high, then requesting sensor 106 may determine that the package isin danger of exceeding the threshold temperature, and may trigger analert.

Requesting device 106, or any other device, may also rely on historicalinformation when analyzing conditions. For example, if the package islocated outside at a certain time, requesting device 106 may need toknow whether it can expect the temperature to increase or decrease andhow long it can expect to wait outside. Requesting device 106 may obtainthis historical information from a host, such as sensor-data host 112,either directly or through another device or host. For example,requesting device 106 may receive this historical information throughsensor device 104.

In an environment in which sensor-collectable data is so easily shared,it may be necessary to implement authentication techniques, so that thesensor-collectable data cannot be shared with outside parties. Indeed,some sensor-collectable data may be confidential or propriety. Thus, insome embodiments, requesting device 106 may be required to authenticateitself in some way to sensor device 104 before receiving thesensor-collectable data.

Additionally, other devices in mesh network 100 may be configured tocollect data from sensor 104. For example, secondary device 108 mayutilize such data, but may retrieve the data from requesting device 106instead of directly from sensor device 104. In some embodiments,requesting device 106 may serve as a proxy for secondary device 108.

When requesting device 106 requests sensor data from sensor 104, sensor104 may authenticate requesting device 106 to ensure that it is allowedaccess to the sensor data. Sensor device 104 may perform thisauthentication locally, or may request that authentication host 110perform the authentication. Authentication host 110 may then determinewhether or not requesting device 106 should be authenticated, and maysend this determination to sensor device 104.

Requesting device 106 may provide the location of sensor-data host 112to sensor device 104. Thus, after sensor device 104 authenticatesrequesting device 106, it may send the requested sensor-collectable datato sensor-data host 112 for processing, storage, and/or analysis.

System 100 is one example configuration, and the number and distributionof the various entities shown may be different depending on specificembodiments. In some embodiments, authentication host 110 and/orsensor-data host 112 may be distributed over multiple entities,including other distribution systems, sensors, computers, handheldcomputers, mobile phones, tablet computers, or other computing platform.Thus, the configuration described in system 100 is an example only andis not intended to be limiting.

FIG. 2 is a block diagram 200 illustrating a non-limiting example ofdevices and hosts utilized in some example system configurations. Blockdiagram 200 includes device 202 and host 204. Device 202 may correspondto sensor device 104, requesting device 106, and/or secondary device108. And host 204 may correspond to authentication host 110 and/orsensor-data host 112.

Device 202 may include detecting portion 206, which may include one ormore software and/or hardware components for collecting data about anenvironment of a package. In other words, detecting portion 206 may besome kind of sensor. For example, detecting portion 206 may collectlocation information about the package. In some embodiments, locationinformation may include the use of a Global Positioning System (GPS). IfGPS is used, detecting portion 104 may use the course acquisition code(C/A Code) utilized in GPS technology.

The location information may also be determined through cellulartriangulation, wireless network association, the capture of fixedlocation scan, or the capture of mobile location scan. The fixedlocation and mobile location scans may use 1D or 2D barcodes, or RadioFrequency Identification (RFID). For example, device 202 may scan abarcode or read an RFID tag associated with a predefined location.Device 202 may be able to look-up the predefined location after the scanusing a value associated with the barcode or RFID.

In international locations, multiple global navigational satellitesystems may be available. Improved service may be provided by utilizingswitching connections, similar to switching between multiple cellularnetworks. For example NaviStar (US), GLONASS (Russia) and othersatellite systems may be available. Thus, detecting portion 206 mayswitch among different GPS providers when determining locationinformation. Additionally, adding timing correction or differential GPSwith satellite-based augmentation systems may improve the performance ofsystems in urban canyons and may improve accuracy down to the sub-meter.

In addition to or instead of location information, detecting portion 206may collect other data related to a package and/or its content, forexample, environmental conditions at any or a selected time. Forexample, detecting portion 206 may collect data about temperature, lightlevel, motion, pressure, humidity, gas level, airflow, vibrations,radiation, time, audio, video, or other environmental conditions. Duringtransit, the environment of some packages may need to be within certainparameters, such as within a certain temperature, pressure, or humidityrange. Other information like time, audio, or video may be relevant todetermining the circumstances of delivery of the package.

For example, detecting portion 206 may include a camera configured torecord still images or video of a person accepting the package upondelivery, or upon arrival at an intermediate destination, like aprocessing center. The detecting portion 206 may also record audio usingan audio recorder or determine a time using an internal clock. Thus,disclosed embodiments may use different types of sensors configured tocollect different types of environmental data. In some embodimentsdevice 202 may include numerous detecting portions 206, each of which isconfigured to collect a different kind of environmental data. In someembodiments, a single detecting portion 206 may be capable of collectingdifferent kinds of environmental data.

Device 202 may also include central processing unit (CPU) 208 and memory210 to process data, such as the collected environmental data. CPU 208may include one or more processors configured to execute computerprogram instructions to perform various processes and methods. CPU 208may read the computer program instructions from memory 210 or from anycomputer-readable medium. Memory 210 may include random access memory(RAM) and/or read only memory (ROM) configured to access and storeinformation and computer program instructions. Memory 210 may alsoinclude additional memory to store data and information, such as thecollected environmental data, and/or one or more internal databases tostore tables, lists, or other data structures.

I/O Unit 212 in device 202 may send the collected environmental data toanother device for processing and/or storage. I/O Unit 212 may send thecollected data over some type of network, such as a mesh network 102and/or network 114.

Host 204 may include CPU 214, memory 216, database 218, and I/O Unit220. Database 218 may store large amounts of data, and may include amagnetic, semiconductor, tape, optical, or other type of storage device.

CPU 214, memory 216, and I/O Unit 220 from host 204 may be similar toCPU 208, memory 210, and I/O Unit 212 from device 202. In someembodiments, CPU 214, memory 216, and I/O Unit 220 from host 204 may bemore robust and have more capabilities than CPU 208, memory 210, and I/OUnit 212 from device 202. Indeed, host 204 may be a larger and morecapable computer, whereas device 202 may be small and portable.

Block diagram 200 is one example configuration, and the number andcomponents of the various entities shown may be different depending onspecific embodiments. For example, in some embodiments, device 202 maynot include CPU 208 and/or memory 210. In other embodiments, host 204may be distributed over multiple entities, including other distributionsystems, sensors, computers, handheld computers, mobile phones, tabletcomputers, or other computing platform. Device 202 may similarly beimplemented or distributed over any computing platform. Thus, theconfiguration described in block diagram 200 is an example only and isnot intended to be limiting.

FIG. 3 is a flow chart of the operations of an exemplary method 300 forsending sensor-collectable data from sensor device 104 to requestingdevice 106. Method 300 may be performed by various components on sensordevice 104. Method 300 may also be performed by other device, or inconjunction with other device, even ones not shown in system 100 orblock diagram 200. In some configurations, some steps in method 300 areoptional or can be rearranged. Further, additional steps can also beadded to method 300.

Sensor device 104 may collect first sensor-collectable data usingdetecting portion 206 (step 302). The first sensor-collectable data maybe about any environmental condition, for example, temperature datainside a package. Next, sensor device 104 may determine if it hasreceived an external request to access the first sensor-collectable datausing CPU 208 (step 304). The external request may come from requestingdevice 106.

If sensor device 104 does not receive such a request, it continueslooping until it receives one. Alternatively, if sensor device doesreceive such a request, then it determines if requesting device 106 isauthenticated to receive the first sensor-collectable data (step 306).Sensor device 104 may make this determination by examining alocally-stored list or other data structure stored in memory 210, forexample.

Alternatively or additionally, sensor 104 may send a request toauthentication host 110 to determine whether or not requesting device106 is authenticated to access the first sensor-collectable data.Because authentication host 110 may have more processing power andstorage, it may be advantageous to employ it in authenticatingrequesting device 106. This may allow for additional parameters to beused in authenticating requesting device 106. It may also be easier toupdate the data used to authenticate requesting device 106 usingauthentication host 110, or to add different types of data from thirdparties to do so.

If requesting device 106 is not authenticated to receive the firstsensor-collectable data, then sensor device 104 may prohibit access tothe first sensor-collectable data by requesting device 106 (step 308),after which exemplary method 300 may end. Alternatively, if requestingdevice is authenticated to receive the first sensor-collectable data,then sensor device 104 may send the first sensor-collectable data torequesting device 106 using I/O Unit 212 (step 310), after whichexemplary method 300 may end.

FIG. 4 is an example of a table 400 used for authenticating requestingdevice 106. Table 400 may be stored on memory 210 of sensor device 104.Alternatively, table 400 may be stored on authentication host 110 incertain embodiments, or elsewhere.

In one example configuration, table 400 includes column 402 and 404.Column 402 lists known requesting devices or other identifiersassociated with requesting devices. For example, column 402 may includea list of keys that a requesting devices may use to authenticatethemselves. Alternatively, column 402 may list MAC addresses ofrequesting devices. Column 402 may also list ranges, types of devices,or other more generic identifiers as well. One of ordinary skill wouldunderstand that various static or dynamic identifiers may be used toauthenticate requesting devices.

Column 404 of table 400 includes a list of different sensor-collectabledata for which a particular device is authenticated. For example, row406 states that device A is permitted to receive data about temperature,humidity, audio, video, and motion. Thus, when requesting device 106requests one or more of these types of sensor-collectable data fromsensor device 104, requesting device 106 is authenticated to receivethem. Similarly, row 408 states that device B is permitted to receivedata about temperature and video. Row 410, however, states that device Cis not permitted to receive any type of sensor-collectable data. One ofordinary skill would understand that table 400 is just an example of howrequesting device 106 may be authenticated and is not limiting.Alternatively, requesting device 106 may be authenticated based on analgorithm or a different data structure.

FIG. 5 is a flowchart of the operations of an exemplary method 500 forsending sensor-collectable data from sensor device 104 to requestingdevice 106, when requesting device 106 requests multiple types ofsensor-collectable data. Method 500 may be performed by variouscomponents on sensor device 104. Method 500 may also be performed by anyother device, or in conjunction with other device, even ones not shownin system 100 or block diagram 200. In some configurations, some stepsin method 500 are optional or can be rearranged. Further, additionalsteps can also be added to method 500.

Sensor device 104 may receive a request to access multiple types ofsensor-collectable data using I/O Unit 212 (step 502). For example,sensor device 104 may determine that requesting device 106 has requestedtemperature, audio, video, and humidity data. Sensor device 104 may thendetermine if requesting device 106 is authenticated for none of therequested data using CPU 208 (step 504). In some embodiments, sensordevice may consult table 400 to make this determination.

If sensor device 104 determines that requesting device 106 is notauthenticated for any of the requested sensor-collectable data, thensensor device 104 may prohibit access to the requestedsensor-collectable data using CPU 208 (step 506). For example, sensordevice 104 may prohibit requesting device 106 from accessing therequested temperature, audio, video, and humidity data.

Alternatively, if sensor device 104 determines that requesting device106 is authenticated for at least some of the requestedsensor-collectable data, then sensor device 104 may determine whetherrequesting device 106 is authenticated for all of the requested datausing CPU 208 (step 508). If requesting sensor 106 is authenticated forall of the requested data, sensor device 104 may send all requested datato requesting device 106 (step 510), after which method 500 ends. Forexample, sensor device 104 may send the requested temperature, audio,video, and humidity data to requesting device 106.

If, alternatively, sensor device 104 determines that requesting device106 is not authenticated for all of the requested data, this may meanthat requesting device 106 is authenticated for only a subset of therequested sensor-collectable data. For example, requesting device 106may be authenticated to receive temperature and video data and not audioand humidity data. In this scenario, sensor device 104 may determinewhether or not requesting device 106 will accept only a subset of therequested data using CPU 208 (step 516). For example, sensor device 104may determine whether requesting device 106 would accept a partialfulfillment of its request: the requested temperature and video data butnot the requested audio and humidity data. Requesting device 106 mayhave a general policy of accepting partial fulfillment or not, whichsensor device 104 may be aware of. Alternatively, requesting device 106may determine on a case-by-case basis whether it will accept aparticular partial fulfillment of its request.

In some embodiments, instead of determining whether requesting device106 accepts partial fulfillment of the requested data, sensor device 104may conditionally deny the request. For example, sensor device 104 couldinform requesting device 106 that its request is denied fully, butbecause certain of the requested data is not authenticated forrequesting device 106. In this way, requesting device 106 may make anadditional request, perhaps for higher-priority data that it needs.Alternatively, requesting device 106 may check back again in case theconditions for denying it access change.

If sensor device 104 determines that requesting device 106 will acceptonly a subset of its request, then sensor device 104 sends only therequested data that is authenticated to requesting device 106 using I/OUnit 212 (step 514). For example, sensor device 104 may send therequested temperature and video data, but not the requested audio andhumidity data, to requesting device. Alternatively, if sensor device 104determines that requesting device 106 will not accept only a subset ofits request, then sensor device 104 prohibits access to all of therequested sensor-collectable data (step 516), after which method 500ends.

FIG. 6 is a flow chart of the operations of an exemplary method 600 forsending sensor-collectable data from sensor device 104 to a destinationin accordance with routing information provided by requesting device106. Method 600 may be performed by various components on sensor device104. Method 600 may also be performed by any other device, or inconjunction with any other device, even ones not shown in system 100 orblock diagram 200. In some configurations, some steps in method 600 areoptional and can be rearranged. Further, additional steps can also beadded to method 600.

Sensor device 104 may collect first sensor-collectable data usingdetecting unit 206 (step 602). Sensor device 104 may then receive arequest from requesting device 106, via I/O Unit 212, to access thefirst sensor-collectable data (step 604). The request may includerouting information, Routing information may indicate a destination forthe first sensor-collectable data, such as sensor-data host 112. In someembodiments, requesting device 106 may be in a location that does notallow for the storage and/or processing of the first sensor-collectabledata. For example, requesting device 106 may be in a country thatprohibits the storage of certain types of audio and/or videoinformation. Thus, requesting device 106 may instruct sensor device 104to provide the first sensor-collectable data to another location, suchas sensor-data host 112. Sensor-data host 112 may be in a location thatdoes not have restrictions on storing and/or processing the firstsensor-collectable data.

In some embodiments, the routing information may serve to combatcongestion in a network. For example, requesting device 106 may be awareof congestion in certain parts of the network, and may instruct sensordevice 104 to send the first sensor-collectable data via a differentroute in the network. These instruction may be in the routinginformation that requesting device 106 may send to sensor device 104.

After receiving the request, sensor device 104 may determine whether ornot the requesting device 106 is authenticated to receive, request, orhave access to the first sensor-collectable data (step 606).Alternatively or additionally, sensor device 104 may determine ifsensor-data host 112 is authenticated to receive, request or have accessto the first sensor collectable data. If requesting device 106 and/orsensor-data host 112 is not authenticated, then sensor device 104 mayprohibit access to the first sensor-collectable data (step 608), afterwhich method 600 may end.

Alternatively, if requesting device 106 and/or sensor-data host 112 isauthenticated, then sensor device 104 may send the firstsensor-collectable data in accordance with the routing information (step610) using I/O Unit 212, after which method 600 may end. For example,sensor device 104 may route the first sensor-collectable data tosensor-data host 112. And in some embodiments, sensor device 104 mayroute the first sensor-collectable data to avoid network congestion.

FIG. 7 is a flow chart of the operations of an exemplary method 700 forsending sensor-collectable data from sensor device 104 to requestingdevice 106, if certain sensor-collectable data is associated with aparticular value or range. Method 700 may be performed by variouscomponents on sensor device 104. Method 700 may also be performed by anyother device, or in conjunction with any other device, even ones notshown in system 100 or block diagram 200. In some configurations, somesteps in method 700 are optional or can be rearranged. Further,additional steps can also be added to method 700.

Disclosed embodiments may relate to prohibiting access to firstsensor-collectable data depending on a value of secondsensor-collectable data. For example, requesting device 106 may requestfirst sensor-collectable data, for example, temperature data, fromsensor device 104. Requesting device 106 may be authenticated to receivethe temperature data. Requesting device 106, however, may include adetecting portion 206, which enables it to collect its own secondsensor-collectable data, such as GPS location information. Sensor device104 may analyze this second sensor-collectable data (e.g., locationinformation), and may determine that requesting device 106 may belocated in a jurisdiction with rules prohibiting storage or access totemperature information. Accordingly, even though requesting device 106may be authenticated to access the first sensor-collectable data (e.g.,temperature), sensor device 104 may nonetheless prohibit access becausesecond sensor-collectable data (e.g., requesting device 106's location)is associated with a predetermined value (e.g., a jurisdictionprohibiting collection of temperature data).

In some embodiments, the second sensor-collectable data may be alsocollected at sensor device 102. For example, the second sensorcollectable data may be similar to or the same as the firstsensor-collectable data collected at sensor device 102. In someembodiments, certain parties may not wish to share the firstsensor-collectable data if it is outside of a certain range. A transportcompany, for example, may not need to report temperature data unless itis in a critical range. Thus, even though the requesting device 106 maybe authenticated to access the first sensor-collectable data (e.g.,temperature data), sensor device 104 may still not make this dataaccessible, because it is not in a predetermined range.

Alternatively, the second sensor-collectable data may be collected bysensor device 102, but may be different from the firstsensor-collectable data. For example, a transportation company may notwant to publish or report temperature data unless the humidity level iswithin a certain range. The temperature data may not be meaningful orcritical, in this example, unless the humidity level is also in acertain range. In these situations, even though the requesting device106 may be authenticated to receive the first sensor-collectable data(e.g., temperature), sensor device 104 may still not make this dataaccessible, because second sensor-collectable data (e.g., humidity) itis not in a predetermined range.

Referring back to FIG. 7, sensor device 104 may collect firstsensor-collectable data using detecting unit 206 (step 702). Next,sensor device 104 may receive, from requesting device 106, a request toaccess the first sensor-collectable data (step 704). If sensor unit hasnot received such a request, it may continue checking until it doesreceive such a request. Alternatively, if sensor device 104 does receivethe request, then it may determine if the requesting device isauthenticated to receive the first sensor-collectable data using CPU 208(step 706).

If requesting device 106 is not authenticated, then sensor device 104may prohibit access by requesting device 106 to the firstsensor-collectable data using CPU 208 (step 710), after which method 700may end. Alternatively, if the requesting device 106 is authenticated,then sensor device 104 may determine if second sensor-collectable dataequals or is otherwise associated with a predetermined value or rangeusing CPU 208 (step 708). If the second sensor-collectable data isassociated with the predetermined value/range, then sensor device 104may prohibit access by requesting sensor 106 to the first sensorcollectable data using CPU 208 (step 710), after which method 700 mayend.

Alternatively, if the second sensor-collectable data is not associatedwith the predetermined value/range, then sensor device 104 may allowrequesting device 106 to access the first sensor-collectable data usingI/O Unit 212 (step 712), after which method 700 may end. For example,sensor device 104 may send the second sensor-collectable data torequesting device 106.

While certain features and embodiments of the invention have beendescribed, other embodiments of the invention will be apparent to thoseskilled in the art from consideration of the specification and practiceof the embodiments of the invention disclosed herein. Furthermore,although aspects of embodiments of the present invention have beendescribed in part as software, computer-executable instructions, and/orother data stored in memory and other storage mediums, one skilled inthe art will appreciate that these aspects can also be stored on or readfrom other types of tangible, non-transitory computer-readable media,such as secondary storage devices, like hard disks, floppy disks, or aCD-ROM, or other forms of RAM or ROM. Further, the steps of thedisclosed methods may be modified in various ways, including byreordering steps and/or inserting or deleting steps, without departingfrom the principles of the invention.

It is intended that the specification and examples be considered asexemplary only, with a true scope and spirit of the invention beingindicated by the following claims.

1. A method for distributing sensor data, the method comprising:receiving, from a requesting device, a request to access firstsensor-collectable data associated with at least one package, whereinthe requesting device is authenticated to access the firstsensor-collectable data; and when second sensor-collectable data isassociated with a predetermined value, denying the request for access.2. The method of claim 1, wherein the requesting device comprises asensor.
 3. The method of claim 2, wherein the second sensor-collectabledata is collected by the sensor of the requesting device.
 4. The methodof claim 1, further comprising: denying the request for access based onthe requesting device being located in a jurisdiction prohibiting accessof the first sensor-collectable data.
 5. The method of claim 1, themethod further comprising: collecting the first sensor-collectable dataat a sensor device, wherein the sensor device is in proximity to the atleast one package; and collecting the second sensor-collectable data atthe sensor device.
 6. The method of claim 1, further comprising:accessing an authentication host over a network to authenticate therequesting device for the first sensor-collectable data.
 7. The methodof claim 1, further comprising: accessing a local pre-configured list toauthenticate the requesting device for the first sensor-collectabledata.
 8. The method of claim 1, wherein the request for access to thefirst sensor-collectable data comprises routing information to be usedif the request for access is granted, wherein the routing informationindicates a sensor-data host different than the requesting device. 9.The method of claim 8, wherein if the request for access is granted, themethod further comprises: sending the first sensor-collectable data tothe sensor-data host in accordance with the routing information.
 10. Themethod of claim 1, wherein the first sensor-collectable data describesenvironmental conditions of the at least one package.
 11. Acomputer-readable medium storing program instructions, which, whenexecuted by a processor, cause the processor to perform a method fordistributing sensor data, the method comprising: receiving, from arequesting device, a request to access first sensor-collectable dataassociated with at least one package, wherein the requesting device isauthenticated to access the first sensor-collectable data; and whensecond sensor-collectable data is associated with a predetermined value,denying the request for access.
 12. The computer-readable medium ofclaim 11, wherein the requesting device comprises a sensor.
 13. Thecomputer-readable medium of claim 12, wherein the secondsensor-collectable data is collected by the sensor of the requestingdevice.
 14. The computer-readable medium of claim 11, the method furthercomprising: denying the request for access based on the requestingdevice being located in a jurisdiction prohibiting access of the firstsensor-collectable data.
 15. The computer-readable medium of claim 11,the method further comprising: collecting the first sensor-collectabledata at a sensor device, wherein the sensor device is in proximity tothe at least one package; and collecting the second sensor-collectabledata at the sensor device.
 16. The computer-readable medium of claim 11,the method further comprising: accessing an authentication host over anetwork to authenticate the requesting device for the firstsensor-collectable data.
 17. The computer-readable medium of claim 11,the method further comprising: accessing a local pre-configured list toauthenticate the requesting device for the first sensor-collectabledata.
 18. The computer-readable medium of claim 11, wherein the requestfor access to the first sensor-collectable data comprises routinginformation to be used if the request for access is granted, wherein therouting information indicates a sensor-data host different than therequesting device.
 19. The computer-readable medium of claim 18, whereinif the request for access is granted, the method further comprises:sending the first sensor-collectable data to the sensor-data host inaccordance with the routing information.
 20. The method of claim 11,wherein the first sensor-collectable data describes environmentalconditions of the at least one package.
 21. A device for distributingsensor data, the device comprising: an I/O unit configured to receive,from a requesting device, a request to access first sensor-collectabledata associated with at least one package, wherein the requesting deviceis authenticated to access the first sensor-collectable data; and aprocessor configured to deny the request for access when secondsensor-collectable data is associated with a predetermined value. 22.The device of claim 21, wherein the requesting device comprises asensor.
 23. The device of claim 22, wherein the secondsensor-collectable data is collected by the sensor of the requestingdevice.
 24. The device of claim 21, wherein the processor is furtherconfigured to: deny the request for access based on the requestingdevice being located in a jurisdiction prohibiting access of the firstsensor-collectable data.
 25. The device of claim 21, further comprisinga detecting portion configured to: collect the first sensor-collectabledata in proximity to the at least one package; and collect the secondsensor-collectable data.
 26. The device of claim 21, wherein the I/Ounit is further configured to: access an authentication host over anetwork to authenticate the requesting device for the firstsensor-collectable data.
 27. The device of claim 21, wherein theprocessor is further configured to: access a local pre-configured listto authenticate the requesting device for the first sensor-collectabledata.
 28. The device of claim 21, wherein the request for access to thefirst sensor-collectable data comprises routing information to be usedif the request for access is granted, wherein the routing informationindicates a sensor-data host different than the requesting device. 29.The device of claim 28, wherein if the request for access is granted,the processor is further configured to: send the firstsensor-collectable data to the sensor-data host from the I/O unit inaccordance with the routing information.
 30. The device of claim 21,wherein the first sensor-collectable data describes environmentalconditions of the at least one package.